General
- Target: setup-9035d.exe
- Size: 76KB
- Sample: 241204-kpdlcsznhw
- MD5: 433edb87db3a82d14ba7d88ba87d3503
- SHA1: bb2af0b83d7a55aa2d9ebd5e1d3d6f06f1fecc8c
- SHA256: 7743183018de756ca03523c24561a2cb868fc69e63ba01f4ff854cc11c3115ba
- SHA512: 858fe073ff5a015d4a51b8976d1e88dcb23504848fb07cc6f1cc5eeac6de91c615aa028de867f520b7bd59750f6a2633061aec96cf5766c18eda8103e16a0516
- SSDEEP: 1536:O1e1/zEY3vnxkoig5PBVDVfEHbqZYkcJzR72eP72X4HKzkO7C7ZGhLW:Pr3fxTPLh+bYX497MCO72Y1W
Behavioral task: behavioral1
- Sample: setup-9035d.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: setup-9035d.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted family: xworm
- Install_directory: %ProgramData%
- install_file: Setup-x9035d.exe
- pastebin_url: https://pastebin.com/raw/2zRWZhkX
Targets
- Target: setup-9035d.exe (76KB; MD5, SHA1, SHA256, SHA512 and SSDEEP values are the same as listed under General above)
Score: 10/10
Signatures
- Detect Xworm Payload
- Xworm family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)